authorSyndamia <kamen.d.mladenov@protonmail.com>2021-02-04 15:39:16 +0200
committerSyndamia <kamen.d.mladenov@protonmail.com>2021-02-04 15:39:16 +0200
commitc01cfa373f440ee8defb4b7c69f4445149a65281 (patch)
tree830a89cbaa79ccb5eb74fd60bd84ca07ba4d707f /src/DevHive.Services/Services/UserService.cs
parent8e09ab34b54718af7753ba7d7e4e370ab14efa1a (diff)
Fixed user service JWT validation, which skipped the role check if the user is an admin (meaning that once a user has been an admin, their token will continue to be valid, even if we removed their admin role)
Diffstat (limited to 'src/DevHive.Services/Services/UserService.cs')
-rw-r--r--src/DevHive.Services/Services/UserService.cs3
1 files changed, 0 insertions, 3 deletions
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index 3feca9f..9cc4a8e 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -191,9 +191,6 @@ namespace DevHive.Services.Services
/* Check if user is trying to do something to himself, unless he's an admin */
/* Check roles */
- if (jwtRoleNames.Contains(Role.AdminRole))
- return true;
-
if (!jwtRoleNames.Contains(Role.AdminRole))
if (user.Id != id)
return false;